DEV Community: Dominic Barajas

Exploring the Art of Defense: How to Detect and Thwart Social Engineering Attacks

Dominic Barajas — Thu, 19 Oct 2023 01:47:15 +0000

Technological advancements and increased connectivity have made our lives more convenient, cyber threats have also evolved, becoming more sophisticated and deceptive. Social engineering attacks, in particular, have become a substantial menace to cybersecurity. These attacks prey on human vulnerabilities rather than technical weaknesses, making them a challenging adversary. Let's unveil some of the various techniques attackers employ to deceive and manipulate individuals. and fill our toolkit with a robust set of defense strategies to recognize and thwart these bad actors.

The Art of Deception: Unveiling Social Engineering Techniques

Phishing: The Hook That Casts a Wide Net

Phishing is one of the most prevalent social engineering techniques. Attackers disguise themselves as trustworthy entities, such as banks or familiar brands, and send emails or messages containing malicious links or attachments. These deceptions aim to extract sensitive information or deliver malware. To protect yourself:

Always be skeptical of unsolicited requests for personal information.
Verify the sender's legitimacy through official channels, not just the contact details provided in the message.
Hover over links to reveal the actual URL before clicking on them.

Pretexting: Crafting a Convincing Backstory

Pretexting is a manipulative tactic where attackers create elaborate backstories to gain trust and access to sensitive information. They may pose as colleagues, government officials, or service providers. To stay safe:

Always verify the identity of anyone requesting confidential data.
Cross-check the information they provide with official records.
Follow a strict "need-to-know" policy, disclosing only what is essential.

Baiting: Temptation Lures You In

Baiting attacks lure victims into compromising situations by offering something appealing, such as free software, movies, or music downloads. These temptations conceal malware or spyware, ready to infiltrate your system. Protect yourself by:

Exercising caution when downloading files or software from unverified sources.
Using reputable sources for your downloads.
Keeping your devices updated with the latest security patches.
Using tools like Virus Total to investigate URLs or files

Building Resilience: Recognizing and Defending Against Social Engineering Attacks

Skepticism as a Shield

Skepticism is your first line of defense. Always question the legitimacy of unsolicited communications. If something seems too good to be true or raises even the slightest doubt, take a step back and investigate further.

Identity Verification

Verifying the identity of the person or entity making a request is crucial. Utilize official contact details, double-check the information they provide, and don't hesitate to confirm their identity through separate channels if needed.

Ongoing Security Awareness Training

Stay informed and vigilant through ongoing security awareness training. Cybersecurity is an ever-evolving field, and keeping up with the latest threats and defense strategies is essential to staying safe.

Empowerment through Knowledge

The cornerstone of a resilient cybersecurity strategy is empowering individuals with the knowledge to recognize and defend against social engineering attacks. By being vigilant, verifying identities, and staying informed, we can collectively fortify our defenses and outsmart the cunning tactics employed by attackers.

Social engineering attacks are an ever-persistent threat that can target anyone, from individuals to organizations. By understanding the tactics attackers use and adopting a proactive defense strategy, we can navigate the digital landscape with greater confidence. Remember, skepticism is your ally, identity verification is your safeguard, and knowledge is your armor against attacks. Stay informed, stay vigilant, and stay safe in the digital world.

The Importance of Secure Coding: Best Practices for Developers

Dominic Barajas — Sat, 07 Oct 2023 19:50:07 +0000

In an era where software permeates nearly every aspect of our daily lives, the significance of secure coding practices cannot be overstated. Vulnerabilities in code have the potential to unleash a cascade of catastrophic consequences, including severe security breaches, data leaks, and the compromise of user privacy. We will explore the critical importance of secure coding and dive into essential best practices that developers should adhere to. By implementing these practices rigorously, developers can substantially reduce the risk of introducing vulnerabilities and enhance the overall security of their applications.

1. Input Validation: The First Line of Defense

Robust input validation serves as the cornerstone of secure coding. Inadequate validation of user inputs can pave the way for various attacks, such as SQL injection, cross-site scripting (XSS), and more. To fortify your application's defenses:

Scenario: Imagine a simple login form where users enter their username and password. The application's code doesn't properly validate or sanitize user inputs, making it vulnerable to SQL injection.

Vulnerable Code (Before Input Validation):

# SQL Query
query = "SELECT * FROM users WHERE username = '" + user_input_username + "' AND password = '" + user_input_password + "'"

Exploitation (SQL Injection):
Suppose an attacker enters the following input for the username:

' OR '1'='1

The query would then become:

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = 'user_input_password'

In this case, the injected SQL code '1'='1' always evaluates to true, allowing the attacker to bypass authentication and potentially gain unauthorized access.

Use Whitelisting: Employ a "whitelist" approach by explicitly defining the allowable inputs. This means that only known, specific values or patterns are accepted, rejecting anything else.
Parameterized Statements: When dealing with databases, utilize parameterized queries. This method separates data from the query itself, preventing SQL injection attacks by design.
Sanitization: Ensure that all user-generated content is thoroughly sanitized before display. Remove or encode special characters to mitigate the risk of XSS attacks.

Example: Consider a user registration form. Implement input validation to check that the provided email address adheres to a valid format, contains no harmful characters, and is not already in use.

2. Secure Handling of Sensitive Data

The secure handling of sensitive data is paramount for any application. This encompasses safeguarding user passwords, credit card information, and personal details.

Encryption: Utilize strong encryption algorithms to protect data both at rest and in transit. TLS/SSL encryption should be a default for communication over the internet.
Salting and Hashing: Store passwords securely by adding a unique salt to each one before hashing. Hashed passwords are more resistant to attacks.

Scenario: Storing user passwords securely is crucial. Without proper hashing and salting, passwords can be compromised.

Secure Password Storage:

# Registering a new user
salt = generate_random_salt()
hashed_password = hash(user_input_password + salt)
store_salt_and_hash(username, salt, hashed_password)

Here, the password is salted (a unique random value is generated for each user) and then hashed before storage. Even if the database is compromised, attackers won't have access to plaintext passwords.

Data Minimization: Collect and retain only the data that is absolutely necessary for your application's functionality. Avoid unnecessary data storage to minimize potential risk.

Example: If your application requires user authentication, use bcrypt to hash and salt passwords before storing them in the database. This makes it exceedingly difficult for attackers to obtain plaintext passwords even if they compromise the database.

3. Proper Error Handling

While error handling is an often overlooked aspect of security, it can inadvertently reveal valuable information to potential attackers. Secure coding involves error handling practices that are informative to developers but obfuscating to malicious actors.

Scenario: Consider an error during a login attempt.

Custom Error Message (Secure):

Invalid username or password.

This message is informative enough for the user to understand what went wrong but doesn't disclose whether the username or password was incorrect. It prevents attackers from learning which part of the login credentials they guessed correctly.

Custom Error Messages: Create custom error messages that provide minimal information to users. Detailed error messages are invaluable to developers during debugging but can be harmful if leaked to attackers.
Log Management: Implement robust log management to track and analyze errors. Ensure logs do not contain sensitive information and are securely stored.
Fail-Safe Mode: Consider implementing a fail-safe mode that activates during critical errors. This mode should provide minimal information and gracefully handle errors without disclosing internal details.

Example: If an authentication error occurs, display a generic message like "Invalid credentials" to the user, without revealing whether it was the username or password that was incorrect.

4. Use of Secure Coding Frameworks

Leveraging established secure coding frameworks and libraries can be a significant advantage for developers. These frameworks encapsulate best practices, reducing the risk of vulnerabilities in your codebase.

Scenario: You're developing a web application and want to ensure it follows secure coding practices.

OWASP (Open Web Application Security Project):
OWASP provides a wealth of resources, including a list of the top 10 web application security risks. By following their guidance and utilizing their tools, you can proactively address common security issues in your application.

OWASP: Explore the Open Web Application Security Project (OWASP) for a wealth of valuable resources and tools to secure your application.
Security Libraries: Utilize reputable security libraries and components for common security tasks. These libraries are maintained by experts and often undergo rigorous security testing.
Regular Updates: Keep all frameworks and libraries up to date. Regular updates patch known vulnerabilities and are essential to maintaining a secure application.

Example: If you are developing a web application, consider using a web framework like Ruby on Rails or Django, which include built-in security features and practices.

In the constantly evolving landscape of software development, security must remain a top priority. Secure coding practices are not just about protecting user data; they also safeguard an organization's reputation and trustworthiness. By following these comprehensive best practices, developers can build applications with a robust security posture, significantly reducing the risk of security breaches and contributing to a safer digital world for all.

Remember, security is an ongoing commitment, not a one-time effort. Stay vigilant, stay informed, and continuously enhance the security of your code to meet the ever-evolving challenges of today's digital landscape.

Navigating the Cybersecurity Landscape of Remote Work

Dominic Barajas — Sat, 23 Sep 2023 20:00:35 +0000

The shift towards remote work has revolutionized our work culture, offering flexibility and convenience. However, it has also ushered in a new era of cybersecurity challenges. Let's the security implications of remote work and see the challenges faced by individuals and organizations in maintaining a secure remote work environment.

The Increased Reliance on Personal Devices and Home Networks

One of the fundamental changes from remote work is the increased reliance on personal devices and home networks. These environments may not offer the same level of security as corporate offices. To mitigate this risk do these things:

Regular Software Updates: Ensure all devices used for remote work are kept up-to-date with the latest security patches.
Strong Passwords: Encourage the use of strong, unique passwords for all accounts and devices.
Antivirus and Firewall: Install and regularly update antivirus and firewall software to protect against threats.

Risks of Public Wi-Fi Networks

Remote work often involves connecting to public Wi-Fi networks, which can be convenient yet risky. Public Wi-Fi networks lack the security features found in corporate environments, making them a target for cybercriminals. To stay safe:

Use VPNs: Virtual Private Networks (VPNs) create secure tunnels for data transmission, safeguarding your information on public networks.

Secure Remote Access Methods

Understanding the various secure remote access methods is crucial. These include:

VPNs: For secure connections to corporate networks.
Remote Desktop Protocols: When you need to access your office computer remotely.
Cloud-Based Solutions: Securely access and share files using cloud-based services.

Implementing Strong Authentication Measures

Multi-Factor Authentication (MFA) is essential. It adds an extra layer of security by requiring users to provide multiple forms of identification before granting access.

Data Encryption: Protecting Confidentiality

Data encryption is paramount. Encrypt data in transit and at rest using encryption protocols and tools to safeguard confidentiality.

The Human Factor in Remote Work Security

The human element plays a significant role in remote work security. Educate remote workers about common threats:

Security Awareness Training: Teach employees to recognize phishing emails and social engineering attacks.
Shared Responsibility: Foster a culture of security within remote teams, emphasizing shared responsibility for cybersecurity.

The Challenge of Shadow IT

While we navigate the complex cybersecurity landscape of remote work, one particular challenge deserves special attention: Shadow IT. This term refers to the use of unauthorized and unmonitored software, applications, or devices within an organization. It often creeps into remote work environments, posing significant security risks.

In remote work, employees might download and use their favorite productivity tools or communication apps without the IT department's knowledge. While these tools can enhance efficiency, they may also lack the rigorous security standards required by the organization.

To address Shadow IT:

Policy Awareness: Ensure remote employees know the company's IT policies and the risks associated with using unauthorized tools.
Provide Alternatives: Offer approved, secure alternatives to popular consumer-grade apps to meet employees' needs while maintaining security standards.
Monitoring and Reporting: Implement monitoring tools that can identify and report on the use of unauthorized software or devices. This proactive approach allows IT teams to respond swiftly.

Balancing the need for flexibility and innovation with security is essential. Recognizing and addressing Shadow IT is a crucial step in achieving this balance.

Solutions and Best Practices

Here are practical solutions and best practices to enhance remote work security:

Endpoint Protection Software: Install robust endpoint protection software to defend against malware and other threats.
Secure File Sharing and Collaboration Tools: Choose secure tools to facilitate remote collaboration without compromising data security.
Regular Backups: Backup critical data regularly to prevent data loss in the event of a security incident.
Incident Response Planning: Develop a well-defined incident response plan to minimize the impact of potential security incidents.

In an era where remote work continues to evolve, staying ahead of cybersecurity threats is not an option; it's a necessity. This can only be done by both IT and Users working together to safeguard the digital workspace, embrace the benefits of remote work, and address the complexities of the modern work environment without compromising security.

Demystifying Malware: Types, Detection, and Prevention Techniques

Dominic Barajas — Sat, 26 Aug 2023 17:15:55 +0000

In today's digital landscape, the threat of malware looms large, underscoring the vital importance of comprehending its various forms and the means to combat them. Exploring the intriguing diversity of its types—viruses, worms, trojans, and ransomware. Moreover, we delve into the art of detection, unveiling the prowess of antivirus software and the ingenuity of behavior-based analysis. To cap it all off, we unveil practical prevention techniques, from the wisdom of regular software updates to the power of user education and the magic of secure browsing practices.

The Web of Malware: Unmasking its Types

Malware's ability to infiltrate our digital lives stems from a medley of methods:

Free Applications or Software: The allure of free software can be a double-edged sword, leading us into the lair of malware, from pirated software to dubious cracks.
Free File-Sharing Services: Torrents and peer-to-peer platforms can unwittingly spread malware, a shadow cast over the lure of free downloads.
Removable Media: Innocent-seeming USB drives can harbor digital threats, reminding us that curiosity can be hazardous.
Malicious Email Attachments: Phishing emails sneakily carry the seeds of malware, relying on our unsuspecting curiosity to plant their digital traps.

The Malicious Tango: Navigating Notable Malware

Ransomware:

As a virtual extortionist, ransomware stealthily traverses your files, transforming them into impregnable vaults. It then holds your data hostage, demanding a cryptocurrency ransom in exchange for the decryption keys. It's a digital gambit where you're locked out until the ransom is paid.

Example: WannaCry
In 2017, the WannaCry ransomware attack shook the world by exploiting a known Windows vulnerability, swiftly propagating and encrypting countless systems. Its global impact underscored the urgency of system updates and robust security practices.

Trojan:

A Trojan masquerades as legitimate software, and when executed or downloaded opens the gates to attackers. This invader infiltrates without a trace, granting unauthorized access to your things.

Example: Emotet
a notorious Trojan, it takes the guise of a seemingly innocuous email attachment. Once triggered, it deploys additional malware, covertly pillaging sensitive information and granting remote control to malevolent entities.

Worm:

a self-replicating malware that spreads to other computers, often utilizing network vulnerabilities for access. It infiltrates a host computer, scans for new targets, and continues this process as it spreads. Using recursive techniques and exploiting exponential growth, worms rapidly infect numerous computers, causing network harm and consuming bandwidth. This sets them apart from viruses that primarily damage files on a single computer.

Example: Conficker
also referred to as Downup, Downadup, and Kido, is a persistent computer worm focusing on Microsoft Windows. It leverages OS vulnerabilities and password attacks to spread, forming a botnet and stands out for its intricate use of advanced malware tactics. Infecting millions worldwide across 190+ countries.

Botnet:

a set of compromised devices under the control of an unseen puppeteer, using the power of the mass of machines it wields that power for malicious ends—launching massive DDoS attacks or pilfering sensitive data.

Example: Mirai
Mirai's reign as a malevolent botnet manifested through hijacking vulnerable Internet of Things (IoT) devices. Its orchestrators harnessed these devices to launch disruptive DDoS attacks.

Logic Bomb:

A digital sleeper agent, a logic bomb rests dormant until the precise moment triggers its malicious payload. Unlike its explosive counterpart, this agent inflicts damage through calculated and timed releases of malevolent code.

Example: Stuxnet
Stuxnet, a highly sophisticated logic bomb and worm, was designed to target industrial control systems, particularly those in Iran's nuclear program. Its intricacies and targeted destruction highlighted the potential for logic bombs as digital saboteurs.

Crypto Malware:

Operating in the shadows, crypto-malware seizes your device's resources for cryptocurrency mining, harnessing its computing power to solve complex mathematical puzzles and contribute to the digital gold rush, all without your consent.

Example: Coinhive
Coinhive epitomizes this clandestine miner, utilizing visitors' CPU power without consent to mine cryptocurrency on compromised websites. The result: compromised user experience and covert enrichment for malicious actors.

Spyware:

Imagine an unseen observer scrutinizing your every digital move. Spyware, tracking your digital footprint, scrutinizing your actions, and gathering sensitive information.

Example: FinFisher
A commercial spyware suite serves as a tool for surveillance. Often utilized by governments and entities, it covertly monitors activities, captures keystrokes, and even exploits webcams and microphones.

Rootkit:

A clandestine passage to your system's core, a rootkit manipulates functions and provides unauthorized access. Its actions occur beneath the surface, evading detection until it's too late.

Example: Sony BMG Rootkit
Sony BMG's ill-fated rootkit was meant for digital rights management but opened a vulnerability for attackers. Hidden from view, it provided unauthorized access and exposed the fine line between digital rights and digital threats.

Virus:

Much like its biological namesake, a digital virus infiltrates, replicates, and alters your files, spreading its malicious essence. The infected files become agents of harm within interconnected systems.

Example: Melissa
A macro virus, propagated through infected email attachments. It spread through vulnerabilities in Microsoft Word and Outlook, inundating email servers and exemplifying the widespread nature of digital infection.

Potentially Unwanted Programs (PUPs):

Uninvited guests often accompany legitimate programs. These PUPs may not harbor malicious intent, but their resource consumption disrupts smooth system operations.

Example: Conduit Toolbar
The Conduit toolbar epitomizes the unwelcome hitchhiker—bundled with legitimate software, it redirected searches and bogged down systems. A cautionary tale about reading agreements and embracing discernment.

Fileless Virus:

A fileless virus resides exclusively in your system's memory, evading traditional security measures. Its insidious nature defies detection, making it a formidable adversary.

Example: Poweliks
Poweliks, a stealthy fileless malware, enters via malicious attachments or websites. Operating from memory, it utilizes scripting engines like PowerShell, rendering its presence virtually invisible while executing harmful actions.

Command and Control:

In the digital symphony, the Command and Control (C&C) server conducts the malicious ballet. It orchestrates malware behavior, akin to a marionette's strings, dictating actions from afar.

Example: GameOver Zeus
GameOver Zeus, a sophisticated botnet, masterminded widespread banking fraud. It controlled compromised computers, exploiting them to pilfer banking credentials and enabling large-scale financial theft—a stark reminder of network monitoring's significance.

Keyloggers:

Envision a virtual scribe meticulously recording your keystrokes. Keyloggers, these surreptitious chroniclers, capture digital conversations, credentials,

Example: Zeus Trojan (Zbot)
The Zeus Trojan, also known as Zbot, is an infamous keylogging malware that materialized in the digital landscape around 2007. Unlike a typical artist's muse, Zeus was far from benign—it targeted financial institutions and their patrons with a voracious appetite for sensitive data.

these are just a cursory overlook at some of the most well know examples of these malware attacks.

Effective Detection Methods

Antivirus Software

The Guardian of Your Digital Realm

In the battle against malware, antivirus software stands as the sentinel, ceaselessly guarding your digital dominion. This software scans your files and applications for telltale signs of malicious code, working tirelessly to identify and eliminate threats.

One of the primary tools in an antivirus software's arsenal is signature-based detection. It operates by comparing known patterns of malicious code—signatures—against your files. While effective against recognized threats, its Achilles' heel lies in its inability to recognize new or previously unseen malware.

Heuristics steps in where signature-based detection falls short. This approach doesn't rely on exact matches but rather examines files for behaviors that resemble those of malware. In a digital game of cat and mouse, heuristics detects suspicious activities and flags potential threats, offering a broader scope of protection.

Behavior-based analysis takes a more intricate route to malware detection. Rather than scrutinizing files, it studies how software behaves—how it interacts with your system and other applications. If a program exhibits anomalous behavior, such as attempting unauthorized access or modifying files, behavior-based analysis sounds the alarm. The power of behavior-based analysis lies in its adaptability. It can detect both known and unknown threats, making it a potent weapon against the ever-evolving world of malware. This approach also resists evasion tactics used by some malware strains, as they can't camouflage their behavior as easily as their code.

Practical Prevention Techniques

Regular Software Updates

Regular software updates are akin to fortifying the walls of your digital fortress. These updates aren't just about adding features; they often patch security vulnerabilities that malicious actors exploit. Neglecting updates leaves your system vulnerable to attacks that prey on known weaknesses.

creating or turning on an automated Update Process.
Staying current with software updates can be a chore, but automation comes to the rescue. Many operating systems and applications allow you to automate updates, ensuring your defenses remain steadfast without interrupting your workflow.

User Education

User education is a cornerstone in the art of preventing malware. By educating users about common social engineering tactics—like phishing emails and deceptive downloads—you give them the tools to discern genuine opportunities from digital pitfalls. This doesn't mean overwhelming users with technical jargon. Instead, employ relatable examples and scenarios. This empowers users to recognize potential threats and make informed decisions that bolster their digital safety.

Secure Browsing Practices

The vast expanse of the internet is full of beauty and danger. Secure browsing practices are your compass, guiding you away from treacherous waters. Stick to well-known, reputable websites, and avoid clicking on suspicious links or ads that promise too-good-to-be-true offers. Enhance your browsing experience with security-focused tools and extensions. These add-ons can block malicious ads, prevent tracking, and provide an extra layer of defense against digital pitfalls.

In the intricate dance between users and malicious actors, understanding malware types, detection methods, and prevention techniques becomes a powerful tool. By grasping the intricacies of the digital world's malevolent side, you empower yourself to navigate with caution and knowledge. From the vigilant eyes of antivirus software to the wisdom of regular updates, the potency of behavior-based analysis, and being suspicious of links and files can keep your digital security fortified. Remember, education is your ally, and secure practices are your shield protecting you as you traverse the digital realm. Embrace these insights, make them your own, and build a safer online experience for yourself and those around you.

Embracing the Cybersecurity Journey: From Software Engineering to a New Frontier

Dominic Barajas — Thu, 25 May 2023 02:37:20 +0000

Hey there! As a software engineer with over a year of experience, I've recently taken a leap into the thrilling world of cybersecurity. In this blog post, I want to share my personal journey, what motivated me to make this switch, and the exciting steps I'm taking to dive into this fascinating field. So, grab a cup of coffee and join me as we explore how a cool stipend for continued education and my unquenchable curiosity led me to enroll in an awesome online bootcamp offered the university of boulder Colorado. Trust me, this program has already got me hooked with its mix of expert-led lectures, hands-on labs, and tough challenges!

After a year and some change at work I've been comfortably cruising through life as a software engineer, but deep down, I've always had this itch for cybersecurity. The only problem was that my busy workload kept pushing it to the backburner. But guess what? Fate smiled upon me when my company offered a generous stipend for continued education. It was like a neon sign pointing me towards my cyber destiny!

Okay, so buckle up, because this bootcamp I found is the real deal. Imagine sitting in on lectures delivered by some seriously knowledgeable instructors who eat, sleep, and breathe cybersecurity. From one of them originally setting up the first network and internet for the FBI, to another working as a penetration tester consultant who has worked trying to get into facility's at high level companies. These folks are the Jedi Masters of the digital realm, and they know how to make even the most complex concepts feel like a breeze. Seriously, their real-world expertise adds an extra layer of awesomeness to the whole experience.

Now, here's where things get hands-on and exciting! The bootcamp isn't just about passively absorbing information. Oh no, my friend. They take what we learn in those lectures and throw us into practical labs where we get to apply it to real-world situations. It's like going from theory to action in the blink of an eye. I mean, who doesn't love getting their hands dirty and seeing how things work in the wild?

Now, let's talk about the most thrilling part—the challenges. These are the things we do on our own. Typically no instructor safety net. They throw us into real-world scenarios, testing our skills, creativity, and problem-solving abilities. It's like stepping into a virtual battlefield, armed with our newfound knowledge. I gotta admit, it's equal parts nerve-wracking and exhilarating. These challenges have a way of making us think like hackers, but with good intentions, of course.

As I continue my journey into the world of cybersecurity, I can't help but feel a surge of excitement and anticipation. This new direction combines my passion for technology with my deep-rooted desire to protect digital systems and data. Every day, I delve deeper into the complexities and importance of cybersecurity, and with each step, my enthusiasm grows.

I can't wait to see where this path takes me. As I gain a deeper understanding of the intricacies of cybersecurity, I'm eager to contribute to this ever-evolving field. From defending against sophisticated cyber threats to safeguarding sensitive information, my mission is to make a positive impact and ensure a safer digital landscape for all.

Transitioning from software engineering to cybersecurity has been an invigorating decision. The opportunity to pursue continued education, combined with my unyielding passion for all things cyber, has propelled me into this thrilling new frontier. Through the online bootcamp I'm currently enrolled in, I'm acquiring the knowledge, skills, and practical experience necessary to thrive in this exciting field.

So, my fellow adventurers, join me on this journey. Embrace the challenges, broaden your horizons, and let's make a mark in the realm of cybersecurity together. Remember, the path to success is often forged by stepping out of our comfort zones and embracing new opportunities. Stay tuned for more updates as I navigate through this captivating world!

Typescript and the Force

Dominic Barajas — Thu, 04 Nov 2021 19:03:48 +0000

I have recently been tasked with a coding challenge to utilize the Stawars API to display a list of characters from the API as well as a the information provided for each character. the code was provided by the possible employer for a super rad company that I am hoping to land a junior role with. I was a little iffy at first as its a vertical I had ever anticipated working in, but after talking with there head engineer I felt like we really hit it off and how he described the way they set up their teams as well as continue to offer stipend for learning and developing was a big draw!

to the challenge though the first part was pretty simple they provided some code that made an fetch request to the API cool cool I remember doing API fetch request although its been a while since I have for the most part been building my own APIs. but wait... what's this?

 React.useEffect(() => {
    fetchJson<{ results: PersonType[] }>
("people").then((peopleResponse) =>

      setPeople(peopleResponse.results)
    );
  }, []);

useEffect okay that I know arrow function fetchJSON ok that's some type of method wait PersonType... uhh. Well I knew it was coming as GitHub has posted its stats TypeScript is one of the most prolific languages being used to date due to its static types, and debugging prowess once set up. As well as its much easier on ramping if you are a JavaScript user. from last years 2020 GitHub state of the octoverse it was number 4

I have also noticed a trend in more and more places I have been applying that a willingness to learn TS is a bonus for lots of compnaies.

well okay I have never used TS or looked into it other then a brief overview with a friend who is prolific with it. I had some time to get the project in, but with other applications and interviews not as much as I would have liked.

so in a little under 2 days I was able to do enough research to get about 80% of the tasks required complete. the first task was to dispaly the other information for the fetched characters. with that I searched around looking at all the files provided finding in the src folder at the top level a type.ts file

export interface PersonType {
  name: string
}

it had declaration for the PersonType a name that was a string. ok from some deduction I should be able to add more things so I updated it looking at the JSON data through a console log of what the data being provided from the API and changed the file to look like so.

export interface PersonType {
  name: string
  height: string
  mass: string
  hair_color: string
  skin_color: string
  eye_color: string
  birth_year: string
  gender: string
  homeworld: string 
  films: string
  species: string
  vehicles: string
  starships: string
}

I figured everything was a string for now and I could update it later if need be. I made some modifications to the JSX/TSX for the person being displayed an wooh hooh all the data was being presented. hmm but the films, startships and vehicles where showing on one line. okay lets map to make a list. huh cant edit type string with map. okay research time. I spent some time figuring out why I couldnt map out each string I console logged. it is in an array but its saying its a string?!?!

after more reaserch I found out I needed to modify my types as TS is a strict language similar to Java or C++ i needed to make sure my tpes were correct.

I needed to add the empty [] to each type that was an array to let it know that these strings were an array. a simple mistake, but boom some updating to this.

export interface PersonType {
  name: string
  height: string
  mass: string
  hair_color: string
  skin_color: string
  eye_color: string
  birth_year: string
  gender: string
  homeworld: string 
  films: string[]
  species: string
  vehicles: string[]
  starships: string[]
}

and voila I could now map each one. hurray!

next step was to add a functionality for a user to search the list by typing in the characters name. I needed to find the perfect place to build it out and to me it made sence in the People.tsx file as that was where each Person was being set in state. I utilized a filter function with useState() making my const the [query, setQuery]

function People() {
  const [people, setPeople] = React.useState<PersonType[]>([]);
  const [query, setQuery] = useState(""); 

  React.useEffect(() => {
    fetchJson<{ results: PersonType[] }>("people").then((peopleResponse) =>
      setPeople(peopleResponse.results)
    );
  }, []);

  return (
    <div>
      <div className="searchContainer">
        <input
          className="searchInput"
          placeholder="Search By Name"
          onChange={(event) => setQuery(event.target.value)}
        />
      </div>

      {people
        .filter((person) => {
          if (query === "") {
            return person;
          } else if (person.name.toLowerCase().includes(query.toLowerCase())) {
            return person;
          }
        })
        .map((person) => (
          <Person person={person} />
          ))}
    </div>
  );
}

export default People;

I created a container and input to allow me to add CSS later. then filtering through my list of people if the search bar was empty it would return the list if it started to be typed in it would convert everything to lowercase to make it easier on both the typed information and the names on the list then on screen would update to return that matching query. No need to hit submit I wanted it to lie filter to make less work on the user and to make a cooler looking functioning search bar. I then added the map function after the filter to make sure that it still showed on the list all the People.

After that adding some CSS and <fieldset> tags and the like I made it look all shiny and nice. giving it a real Starwars vibe

The last thing I wasn't able to do due to time. Was to get the secondary information as in films, starships, and vehicles. through the API they were linked as a URL to another resource with its own attributes as you can see in the image above.

I have a time setup to do some pair coding and hopefully we can get through that as I haven't been able to research it on my current job hunt schedule this week.

I will update with that functionality either with their help or when I have time to research later next week!

Applying to the API for a job with POST and Postman

Dominic Barajas — Thu, 28 Oct 2021 19:34:31 +0000

What I used

I remember from a recent tech convention I went to we used Postman to do a quick API call to reverse engineer the dominos pizza app. since this is a much more simpler thing and I have an account made with Postman I will be using it for this POST request to applying for a job at Plaid.

I wanted to try and stand out a little more than the traditional applicant and thought it was a neat way to send my info to them.

HOW TO

After creating an account Postman you will be on your home page you will see a "Get Started with Postman" the first box will Start with something new
click on the Create New link a box will pop up with a few options the first being HTTP request.
after clicking on that go to the dropdown to change the GET to a POST request then input the URL they gave you to to their APIs endpoint.
below where you entered the endpoint will be a list of things like below.
find the Body tab click in the circle for raw and then to the right of the GraphQL circle is a dropdown. since they want it in a JSON object change the dropdown to JSON and copy paste their example from the application site if provided. this was the copy provided by Plaid I used.

and what I entered into that body tab
after that just hit the big blue send button and you should get a response back like the one I received below!

and with those few easy steps and Postman you've applied to their API with a POST request. Not to difficult but a great little way companies have been testing people out before you even talk to someone.

First Foray into UNITY with a 2D microgame

Dominic Barajas — Thu, 21 Oct 2021 22:28:43 +0000

I am starting to take the first steps into indie game development by going down the Unity path, with lots of tutorials and documentation to help me learn. Fortunately, Unity has an abundance of resources available. This was one of the reasons I selected Unity over other options.

I decided to go down the Unity learning path and develop my first microgame. There are a few reasons why I chose to start with the 2d platformer. I've been playing a lot of 2D games on my switch and most of them are metroidvania-style games.

the description below from the linked Metoidvania page
wikipedia page on Metroidvania
Metroidvania is a subgenre of action-adventure video games. The term is a portmanteau of the names of the video game series Metroid and Castlevania, with games in the genre borrowing from both series. Typically based on two-dimensional, sidescrolling platform gameplay, Metroidvania games feature a large interconnected world map the player can explore, though access to parts of the world is often limited by doors or other obstacles that can only be passed once the player has acquired special items, tools, weapons, abilities, or knowledge within the game. Acquiring such improvements can also aid the player in defeating more difficult enemies and locating shortcuts and secret areas, and often includes retracing one's steps across the map. Through this, Metroidvania games include tighter integration of story and level design, careful design of levels and character controls to encourage exploration and experimentation, and a means for the player to become more invested in their player character through role-playing game elements.

The end goal is to create my vision of that style. This is how I began. The no-code demo served as an introduction to the editor and was incredibly thorough.

This tutorial showed you how to navigate the editor. First, it explained some very basic navigation methods. Then it showed you how to use the assets by adding in enemies or updating the character's speed to move faster change the color. Add other elements to the platform around the level you were creating. ending with letting you roam free with what you learned to edit the "Scene" as they called it to really see what you could make.

I added in a few larger enemies, I moved some assets around to make some very difficult platforming elements towards the end. And experimented with my first-level design. I was really getting into it and loved how simple it was. it really dragged me in and showed me how powerful the editor was at such a basic level. It made me excited to look more in-depth and begin to code my own functionalities and game later on.

Because I have a software engineering background, I decided to go down both The "Unity Essentials" and "Junior Programmer" paths in order to get a jump on my learning so I can develop faster. Since UnityScript and JavaScript are no longer supported, I will be developing in C#.

Despite hearing horror stories about C#, I know my current skills will help me develop something compelling! I am interested in learning a new language and platform.

for now, I will follow these two paths and next update will see what I can create!!

I recommend anyone wanting to learn to really go and check out the

Unity Essentials Page

Unity Junior Programmer Page

To learn more, dive in. The amount of information provided in the videos, documentation, and lessons has really impressed me.

Let me know some of yall's unity stories! Tell me why you use it, or why you don't. The wins and the struggles. and let's create a Unity group!

Happy coding!

Collaborate across the states

Dominic Barajas — Tue, 12 Oct 2021 22:55:19 +0000

I have been having some brainstorm meetings with a friend talking about creating a game. Something pretty simple a turn based RPG in the vein of Final Fantasy Tactics. But where multiple people can play at the same time.

They are in the industry with a prevalent database company and I am the frontend worker for now. combining our knowledge to teach each other and make one cohesive product.

We have decided how we want to build our backend what data will be needed and how we want version 1.0 to look and play. The place we are now is deciding which engine to use.

We are deciding if we want to use Unity or something like the GO-DOT engine. neither of us have used either, but I have spent the last few days reading over and trying to decide.

I think we are both going with Unity. as it has been really well utilized for similar games. and the awesome Unity learn!

We both currently live in different states but thanks to google meet and other things we have been on a tear developing our idea.

We started by whiteboarding the database entities. Building multiple database tables for the characters, dungeon master, monsters and other related and connected tables. There is a 3-tier setup. An elementary version has fewer data sets and fewer tables. Afterwards, if we make progress faster than expected and the functionality is smooth, a second version will be created. In the Golden Child version, we incorporate all of the dream ideas we have to make the full game we are dreaming of.

Basic version

characters {
name:
race:
characterClass:
skills:
health:
armor:
weapons:
spells:
movement:
}

Game_master {
name:
monsters:
characters:
campaigns:
objectives:
}

campaigns {
name:
objectives:
game_master:
characters:
}

monster {
name:
type:
damage:
health:
armor:
skills:
features:
movement:
}

items {
name:
type:
effect:
}

weapon {
name:
type:
requirements:
damage:
magic:
}

armor {
name:
type:
requirements:
armor_class:
magic:
}

These are our basic tables. not including the spells, skill, and feats tables we are still working on. but you can see from this small sample we have a whole lot working off each-other to make everything functional in the way we want it.

This upcoming week we start to implement things and get it from the paper and pen phase into the codebase and see what we can do.

As far as game engines Unity, Go Dot or whatever you use or even not using a game engine what do you all think is a good way to go for a turn based multiplayer RPG?

Live Coding in an interview and how companies are starting to do it right.

Dominic Barajas — Thu, 07 Oct 2021 23:11:03 +0000

This week's Part Two was supposed to cover my improvements to the NPC Generator, but I decided to table that and focus on coding interviews instead. I had one this week, and it was the best one I've ever had.

Keeping track of dishes while traveling was the company's project and I was asked to design an MVP spending 30-45 minutes max. The premise was that it would be an application used by a chef to enter dishes in a form, add them to a list, display the list, and finally delete a dish.

In a nutshell, I presented my application during the interview and we would build it to offer more functionality according to the interviewer's directions.

What impressed me most about the email was the words they used to describe my success in the technical interview phase. I liked how it addressed how interviews can be stressful and presented it in a more personable way. They encouraged me to work in a language or framework I was comfortable with and genuinely seemed to want me to succeed, and that came across in the interview and after.

Was a great report built in the beginning with my interviewer and us exchanging some stories and with me sprinkling some small hooks for later use in my questions at the end.

During the interview I was asked to add functionality to add ingredients to each dish. Since I needed to build this quickly I opted to not use a backend to store data and just use State to store all info.

originally my constructor was this

constructor(props) {
    super(props);
    this.state = {
      dishes: []
    };
    this.addDish = this.addDish.bind(this);
    this.deleteDish = this.deleteDish.bind(this);
  }

just an array to concat the dishes into with two binds to pass "this" down to the delete and add dish methods I created.

I hadn't worked with state in a minute but was so glad I had gone back and refreshed my brain on syntax and constructors before. the interview.

BIG TIP

go back and refresh on your basics. that is one thing. I learned from a previous one I could do some very advanced things but man some of my basics were lagging. That made this interview so much more fruitful.

END OF TIP

my updated construcor became this.

constructor(props) {
    super(props);
    this.state = {
      dishes: [
        {
          name: "",
          ingredients: [],
        },
      ],
    };
    this.addDish = this.addDish.bind(this);
    this.deleteDish = this.deleteDish.bind(this);
  }

then I had to go through and update the rest of the app to account for the ingredients.

my add dish went from this .

addDish(event) {
    if (this._inputElementName.value !== "") {
      const newDish = {
        dishes: this._inputElement.value,
        key: Date.now(),
      };

      this.setState((prevState) => {
        return {
          dishes: prevState.dishes.concat(newDish),
        };
      });
      this._inputElement.value = "";
    }

which was then changed to this.

addDish(event) {
    if (this._inputElementName.value !== "") {
      const newDish = {
        name: this._inputElementName.value,
        ingredients: this._inputElementIngredient.value,
        key: Date.now(),
      };

      this.setState((prevState) => {
        return {
          dishes: prevState.dishes.concat(newDish),
        };
      });
      this._inputElementName.value = "";
      this._inputElementIngredient.value = "";
    }

I then updated my ref elements to account for the new value and new ingredient and then changing dishes to name which was one thing I over looked and had me debugging for a little bit. to figure out why my values where not presenting when I added a new dish.

BIG TIP 2

get comfortable with console.logs() and whatever debugger your language uses and use them often and frequently. one thing I learned from my teacher was to solve a lot of headaches was anytime i was passing data "which is pretty much all the time" it always keeps you on your toes and will let you know data isn't being passed correctly before you get to far and have to hunt down why and where you made your mistake.

END OF TIP 2

the other functionality that we didn't quite get to was using a list of ingredients what possible dishes could someone make. I was able to make a pseudo version of what it would look like and then walk my interviewer of how I would build it. We did this Because she wanted to make sure to leave time for my questions.

Those questions are so important in an interview that I spent a lot of time coming up with ten and then whittling it down to five depending on how technical the person was.
through those I was really able to build a good report with my interview finding out what set the company aside from others. I was able to cut through the typical BS responses. The information they provided was useful for getting a better understanding of what to expect in the next steps. They had gone through the same program as me, and some solid advice was given. It is always my practice to ask for a timeline at the end to temper expectations and be aware of when to follow up if I do not hear back.

All in all, it was the most professional and personal interview I have ever had. It was really impressive to me how everything was designed to really drive me to succeed and that I was able to really demonstrate my strengths in what I know and how I work.

I'm happy to see more industries take a page from their book and keep building toward creating a better interview process. I think for all parties involved it will really push the industry forward to have those who may be overlooked because they don't have a traditional learning background. Which will create stronger developers and stronger more profitable companies because us underrepresented and untraditional learning background people need a foot in the door and we will show you how much drive we have.

NPC Generator Version 2.0

Dominic Barajas — Thu, 30 Sep 2021 20:47:30 +0000

Dungeons and Dragons is my favorite thing to do with friends. DMing has been my main focus lately with my friends as a lot of them are new to the game. I am also working on my people management skill in the world where their choices can be so impossible to predict. I am always using my coding prowess to make that easier.

I built a fits draft of this application when going into my bootcamp for my javascript portion of the curriculum. I built a generator that would allow for users to create three encounters worth of NPCs for quick battles.

This version I wanted to Flesh out the characters more. I wanted to give myself and my users a nearly complete package from the one click button.


        const npcToAdd = {
            firstName: firstName,
            lastName: lastName,
            title: title,
            race: race,
            sex: sex,
            alignment: alignment,
            health: health,
            armor: armor,
            melee: melee,
            ranged: ranged,
            str: str,
            dex: dex,
            con: con,
            int: int,
            wis: wis,
            cha: cha,
            npcClass: npcClass,
            trait: trait,
            background: background,
            quirk1: quirk1,
            quirk2: quirk2,
            notablePhysicalFeature: physicalTrait

        }
        this.props.addNpc(npcToAdd)
    }

This is my current new list of attributes that I am using for version 2.0

Right now I am at MVP. It works well enough and looks OOOkay. However it doesn’t have the aesthetic that I want or full functionality.

The current logic I have coded builds a full character albeit missing spells and certain fighting techniques. But they are completely usable for a game. when you need a quick NPC for your party to run into. I also provided some amazing storytelling hooks to really let the DM bring them to life. See example below.

This is the current state with some basic aesthetics to center the NPC card and have a few links to explain NPC races and classes. I used it in the last session I played and it really streamlined the gameplay and was perfect for persisting a solid character for my notes for the next session.

The best part of this version is that I have built into the handleClick function that builds the character for the user the logic that builds a character based on the rules of the game. If the character generated is a dwarf they get the +2 bonus to their constitution on top of the stats generated by the random stat function. based on their class they get access to a specific array of titles for that class. see the charisma portion of code below.

const randomChaFunction = () => {

              const chaArray = [1, 2, 3]

              if (randomRace === "Dwarf") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                 } else if (randomRace === "Dragonborn") {
                   return chaArray[Math.floor(Math.random() * chaArray.length) + 1]
                 } else if (randomRace === "Elf") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Gnome") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Half-Elf") {
                  return chaArray[Math.floor(Math.random() * chaArray.length) + 1]
                } else if (randomRace === "Halfling") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Human") {
                  return chaArray[Math.floor(Math.random() * chaArray.length) + 1]
                } else if (randomRace === "Tiefling") {
                  return chaArray[Math.floor(Math.random() * chaArray.length) + 2]
                } else if (randomRace === "Goliath") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Firbolg") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Goblin") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Orc") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "Tabaxi") {
                  return chaArray[Math.floor(Math.random() * chaArray.length) + 1]
                } else if (randomRace === "Warfoged") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                } else if (randomRace === "half-Orc") {
                  return chaArray[Math.floor(Math.random() * chaArray.length)]
                }
          }

That's the current set up at the moment. The final product will be even more extensive. and I will be working on that. I want the class make sense with the stats generated. whatever the highest stat is the class will generate off of that. For example if Strength is the highest it will create a fighter or barbarian. also based on the class it will give them access to two or three spells of class features.

My plan for that is to place the "Classes" in a separate model with its own features and that model will belong to an NPC and "Classes" will have many NPCs. due to that word being a reserved ruby words I will call it DndClasses for simplicity.

please feel free to check out the current repo. I am hoping to get more work on it done when I get my computer back as I am currently working on a very old Mac Book Air. Which is a struggle haha. I always am up for any advice or tips on making this more robust of the logic more streamlined.

https://github.com/Santiago548/NPC_Generator_Ver2

Getting through app wanderlust and how I regain my focus.

Dominic Barajas — Thu, 23 Sep 2021 21:32:40 +0000

I've been on the job hunt since August. Still, it's not a long time. However, I have been making sure to balance my search with learning, practicing, and taking a breath whenever I can. Whether that be working out, playing some video games, or playing D&D with my friends,

but the biggest thing that gets me pumped up is working on a new project. Building the bones of it and reaching the MVP (minimum viable product) point.

Although I have been experiencing application wanderlust lately. So many ideas fill my head, I start and build, but then move on to the next one. Moving on without getting to that MVP point.

The past was definitely a struggle for me without having a clear goal in mind or letting my mind wander too far off course. The old bad habits would creep back in, and my productivity would suffer. As I worked towards refocusing my mind, I crafted ways for it to get back on track. As everyone's circumstances are different, I can't say for sure if these tips will all help if you're feeling lost. We hope that this checklist of my Limitless Focus Power can provide you with some valuable advice.

See the bullet list at the bottom!

When I wake up in the morning, I ensure I have a cup of black cold brew right away. After that, do the joint movement and full-body stretch routine I learned while doing Parkour. Doing these two things should not take longer than 10 minutes.

Afterward, I will stand at my desk, put on a YouTube study mix or hip-hop mix, and begin to work on a project for an hour. Moving my phone and any other distractions out of sight so I won't see them.

Once the hour is up. I'll do a quick stretch. Once that is done, I get my whiteboard or notebook. I will then spend 30 minutes planning my schedule for the week. Since I am currently seeking employment, my days are pretty packed with study and projects. After that, I will have a whole setup to keep my time focused for the week.

My next step is to work out or do some sort of physical activity for an hour in order to keep my energy level up and help my body cope with stress. Then I will wash up and have breakfast.

Then I'm back behind my computer. I will pick a project and focus on either getting it to MVP or building a newer feature on top of it to make it more robust. I'll be concentrating on that project the whole week.

Afterwards, I will take a ten-minute break every 45 minutes to make sure I'm checking things like posture. Getting some water, or bothering my girlfriend, or throwing the ball to my dog.

My focus this week is on developing an application for exercising. With my old parkour experience, I am building an application that enables you to customize your workout based on what you want. In addition to the workout being tailored to each person's skill level, some instruction will be given on parkour movements.

I so far have built a bit of the front end with some navigation links. I have tested out my embedded YouTube videos that demonstrate the movements. That is courtesy of the amazing Apex School of Movement. My next step is to create the functionality that creates the workout for you based on what type you are looking for.

pseudo code

const buildWorkoutFunction = () = > {
    const uppperBodyArray = upperBody
    const lowerBodyArray = lowerBody

    if (buttonPush === upperBodyButtonBeginer) {
       return beginerUpperBodyWorkout    } else if (buttonPush === upperBodyButtonIntermediate) {
     return intermediateUpperBodyWorkout
    }  else if (buttonPush === upperBodyButtonAdvanced) {
     return advanceUpperBodyWorkout
    }  else if (buttonPush == lowerBodyButtonBeginner) {
     return beginnerLowerBodyWorkout
    }  else if (buttonPush == lowerBodyButtonIntermediate) {
     return intermediateLowerBodyWorkout
    } else if (buttonPush == lowerBodyButtonAdvanced) {
     return advancedLowerBodyWorkout
    } 
}

then some functions that manage all the workouts to build based on what compliments each other and would make sense from my extensive parkour training background.

Currently, to get it to MVP I’m going to have two buttons. An upper body and a lower body. When it is clicked it will generate a workout list to use. That list will have your sets and reps. It will also have descriptions of the movements as well as links to the embedded videos demonstrating the movements. This should have me focused all week and possibly into the following if I am really grove ing on getting the other more ambitious functionality out of it.

So now back focused on a new project my ritual completed yesterday I feel like I can keep this Thomas the tank engine going for another week and keep distractions at a minimum.

wake up as early as you can. 6-8am
grab some caffeinated beverage (cold brew for me)
stretch and wake up with a bit of light joint movement for 10 min
immediately get behind your computer and start working on something for 1 hour
take a 10 min break to loosen up and check your posture.
spend the next 30 minutes planning the week.
take an hour to work out or do any physical activity
clean off and grab some brain fuel.
Then focus on one project for the week.

I do this to get back into the productive groove and keep my practice flowing. I would love to hear how you all refocus.